# Trust Management

Docker Content Trust for image signing and verification. This component provides cryptographic signing of Docker images to ensure authenticity and integrity, though the implementation is currently a work in progress.

**Note: The Trust functionality is currently not implemented in python-on-whales. The methods exist as placeholders for future development.**

## Capabilities

### Trust Inspection

Inspect trust metadata for signed images.

```python { .api }
def inspect() -> None:
    """
    Inspect trust metadata for images.

    Note: This method is not yet implemented.
    """
```

### Trust Revocation

Revoke trust signatures for images.

```python { .api }
def revoke() -> None:
    """
    Revoke trust signatures for images.

    Note: This method is not yet implemented.
    """
```

### Trust Signing

Sign Docker images with cryptographic signatures.

```python { .api }
def sign() -> None:
    """
    Sign Docker images for content trust.

    Note: This method is not yet implemented.
    """
```

**Future Usage Examples:**

When implemented, Docker Content Trust operations would work like this:

```python
from python_on_whales import docker

# These examples show planned functionality - not currently working

# Sign an image (future functionality)
# docker.trust.sign("myregistry.com/myapp:v1.0.0")

# Inspect trust information (future functionality)
# trust_info = docker.trust.inspect("myregistry.com/myapp:v1.0.0")
# print(f"Signers: {trust_info.signers}")
# print(f"Valid signatures: {trust_info.valid}")

# Revoke a signature (future functionality)
# docker.trust.revoke("myregistry.com/myapp:v1.0.0", key="release-key")

# Content trust is typically configured via environment variables:
# export DOCKER_CONTENT_TRUST=1
# export DOCKER_CONTENT_TRUST_SERVER=https://notary.example.com
```

## Implementation Status

The Trust component is currently a placeholder in python-on-whales. Docker Content Trust functionality would provide:

- **Image Signing**: Cryptographically sign images using private keys
- **Signature Verification**: Verify image signatures before pulling/running
- **Key Management**: Manage signing keys and trust relationships
- **Notary Integration**: Work with Docker Notary servers for distributed trust
- **Policy Enforcement**: Configure trust policies for registries and repositories

When implemented, this would enable secure supply chain workflows where only signed images from trusted publishers can be deployed in production environments.
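The policy-enforcement step described above can be prototyped with the standard library alone. The following is an added example, not python-on-whales code: it assumes JSON in the shape emitted by the `docker trust inspect` CLI for a repository name without a tag, and the names `pinned_reference` and `TrustPolicyError` and the sample data are hypothetical.

```python
import json

# Constructed sample in the shape of `docker trust inspect <repo>` JSON output.
SAMPLE = json.dumps([{
    "Name": "myregistry.com/myapp",
    "SignedTags": [
        {"SignedTag": "v1.0.0", "Digest": "ab" * 32, "Signers": ["release-key"]},
        {"SignedTag": "dev", "Digest": "cd" * 32, "Signers": ["alice"]},
    ],
    "Signers": [
        {"Name": "release-key", "Keys": [{"ID": "11" * 32}]},
        {"Name": "alice", "Keys": [{"ID": "22" * 32}]},
    ],
    "AdministrativeKeys": [{"Name": "Root", "Keys": [{"ID": "33" * 32}]}],
}])


class TrustPolicyError(Exception):
    """Raised when an image tag does not satisfy the signing policy (hypothetical)."""


def pinned_reference(inspect_json: str, repo: str, tag: str, required_signers: set) -> str:
    """Return repo@sha256:<digest> if `tag` carries every required signer."""
    records = json.loads(inspect_json)
    if len(records) != 1 or records[0].get("Name") != repo:
        raise TrustPolicyError("expected trust data for exactly this repository")
    record = records[0]
    # Policy assumption: only named signers that still hold a key count.
    known = {s["Name"] for s in record.get("Signers", []) if s.get("Keys")}
    for entry in record.get("SignedTags", []):
        if entry.get("SignedTag") != tag:
            continue
        missing = required_signers - (set(entry.get("Signers", [])) & known)
        if missing:
            raise TrustPolicyError(f"{tag}: missing signers {sorted(missing)}")
        digest = entry.get("Digest", "")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise TrustPolicyError(f"{tag}: malformed digest")
        # Deploy by digest so a later tag move cannot change what runs.
        return f"{repo}@sha256:{digest}"
    raise TrustPolicyError(f"{tag}: no signed tag found")


if __name__ == "__main__":
    print(pinned_reference(SAMPLE, "myregistry.com/myapp", "v1.0.0", {"release-key"}))
```

Passing the returned digest-pinned reference to the deployment step, rather than the tag, keeps the deployed image fixed to what the policy check approved.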

## Types

```python { .api }
# Future types when trust functionality is implemented
from __future__ import annotations  # permits forward references such as SignedTag

from typing import List


class TrustData:
    repository: str
    signed_tags: List[SignedTag]
    signers: List[Signer]
    administrative_keys: List[Key]


class SignedTag:
    signed_tag: str
    digest: str
    signers: List[str]


class Signer:
    name: str
    keys: List[Key]


class Key:
    id: str
    role: str
    key_type: str
```